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REMARKS 

Claim Rejections Under 35 U.S,C, $112 

Claims 1-20 were rejected under 35 U.S.C. §112, first paragraph, as failing to comply 
with the written description requirement. Applicant respectfully traverses. 

The Office Action states, "With respect to figure 4, lines 19-20 on page 7 state, 'That a 
state has already been visited indicates that all of the states are good.' According to this 
statement, once the first state has been visited, it may be assumed that all other states are good." 
Office Action, page 2, section 2, second paragraph. Applicant notes that the quoted language 
fi-om the Specification has been taken out of context and does not indicate that all other states are 
good once the first state has been visited. 

As provided in paragraph 0032 of the Specification, "To a first approximation, the 
verification begins with the initial state of the product automaton and finds all the successor 
states. This process is repeated until the process finds a state already visited, finds a bad state or 
finds a state for which no control action has been defined. That a state has already been visited 
indicates that all of the states are good." In context, it can be seen that the phrase "has already 
been visited" is indicative of a state being visited for the second time during a verification. 
Applicant thus contends that the Specification is in compliance with 35 U.S.C. § 1 12, first 
paragraph. Accordingly, Applicant respectfixUy requests reconsideration and withdrawal of the 
rejection under 35 U.S.C. § 1 12, first paragraph, and allowance of claims 1-20. 

Claim Rejections Under 35 U,S,C, $102 
35 U.S.C. S 102(b) - Hardin et al. 

Claims 1-20 were rejected under 35 U.S.C. § 102(b) as being anticipated by Hardin et al. 
(U.S. Patent No. 6,102,959). Applicant respectfiiUy traverses. 

The Office Action cites to Figure 2 of Hardin et al. as the basis for rejecting claims 1-20. 
The Office Action states, "In figure 2, Hardin discloses a method for formal verification of a 
system design where the first verification of the system is verified in block 23 after the first 
iteration. Under-defined states are determined and reported in block 24. The loop continues 
through successive states firom decision block 25 back to the input of block 22, where newly 



RESPONSE TO NON-FINAL OFFICE ACTION 

Serial No. 10/015,058 

Tide: INCREMENTAL AUTOMATA VERIFICATION 



Page 3 

Attorney Docket No. H0001845US 



specified states are generated to continue in the loop to successor states. A second verification is 
performed in block 23, and the loop continues through successive verifications." Office Action, 
page 3, section 4, second paragraph. Applicant contends this is a mischaracterization of the cited 
reference. 

Applicant contends that Figure 2 of Hardin et al. does not describe a process of 
successive verifications, as asserted by the Office Action, and therefore cannot describe 
generating newly-defined states, also as asserted by the Office Action. Instead, if a bad or 
unintended state is encountered, it merely purports to report that a bad behavior was found. See, 
e,g,, Hardin et al., column 4, lines 60-62 ("If a bad or unintended state is identified, the 
verification tool reports, at step 24, that a bad behavior was found."). The loop only continues 
on to successor states if no bad behavior is encountered. See, e.g., Hardin et al., column 4, lines 
62-65 ("If, however, no bad or unintended state is identified, then the verification tool 
determines, at step 25, whether all of the next states have already been checked."). 

Claims 1-4 and 15-18 

Claims 1 and 15 recite, in part, "finding an under-defined state of the system," "saving 
execution traces leading up to the under-defined state," "fiirther defining the under-defined state, 
thereby generating a newly specified state" and "performing a second verification of the system 
beginning with the newly specified state, using the saved execution traces, and finding successor 
states." Applicant contends that Hardin et al. does not purport to save execution traces leading 
up to an under-defined state, but merely purports to save system model inputs and resulting 
behavior. See, e,g„ Hardin et al., column 5, lines 7-14 ("During the entire partial search of 
method 20, the verification tool stores a record of each set of inputs that was fed to the system- 
model inputs in each state, and stores a record of the behavior of the system model in response to 
the inputs. Once a bad behavior in the system-model state machine is identified, verification tool 
1 1 is operable to report the set of inputs that caused the state machine to enter a bad state (i.e. the 
bad behavior). Because Hardin et al. does not purport to save the execution traces leading up to 
an under-defined state, it cannot teach or suggest performing a second verification of the system 
beginning with a newly specified state, using the saved execution traces, and finding successor 
states as recited in claims 1 and 15. 
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In view of the foregoing. Applicant contends that claims 1 and 15 are patentably distinct 
from the cited reference. As claims 2-4 depend from and further define patentably distinct claim 
1, and claims 16-18 depend from and further define patentably distinct claim 15, these claims are 
also believed to be allowable. Applicant thus respectfully requests reconsideration and 
withdrawal of the rejection under 35 U.S.C. § 102(b), and allowance of claims 1-4 and 15-18. 

Claims 5-9 and 19 

Claims 5 and 19 recite, in part, "saving verification data from the verification of the first 
instance of the system design, wherein the verification data comprise results of calculations used 
to verify the first instance of the system design," "modifying the system design, thereby 
generating a second instance of the system design" and "verifying the second instance of the 
system design using the saved verification data." As noted with respect to claims 1 and 15, 
Applicant contends that Hardin et al. does not teach or suggest saving verification data including 
results of calculations used to verify a first instance of a system design and therefore cannot 
teach or suggest verifying a second instance of the system design using the saved verification 
data as recited in claims 5 and 19. 

In view of the foregoing, Applicant contends that claims 5 and 19 are patentably distinct 
from the cited reference. As claims 6-8 depend from and further define patentably distinct claim 
5, these claims are also believed to be allowable. Applicant thus respectfully requests 
reconsideration and withdrawal of the rejection under 35 U.S.C. § 102(b), and allowance of 
claims 5-9 and 19. 

Claims 10-14 

Claim 10 recites, in part, "performing a first verification of the system, wherein the first 
verification comprises generating a partial solution pertaining to a first portion of the set of 
automata and generating a partial solution pertaining to a second portion of the set of automata," 
"modifying the system, wherein modifying the system comprises modifying one or more 
automata of the first portion of the set of automata without modifying any automaton of the 
second portion of the set of automata" and "performing a second verification of the system after 
modifying the system, wherein the second verification comprises generating a partial solution 



RESPONSE TO NON-FINAL OFFICE ACTION 
Serial No. 10/015,058 

Title: INCREMENTAL AUTOMATA VERIFICATION 



Page 5 

Attorney Docket No. H0001845US 



pertaining to the first portion of the set of automata and using the partial solution pertaining to 
the second portion of the set of automata generated from the first verification." Applicant 
contends that Hardin et al. merely purports to identify bad behavior in a system-model state 
machine and does not teach or suggest how to modify the system. Cf., Hardin et al., column 5, 
lines 14-16 ("The report may enable, for example, a system designer to identify and fix the error 
in the system-model code that caused the bad behavior."). As such, Applicant contends that 
Hardin et al. cannot teach or suggest modifying one or more automata of the first portion of the 
set of automata without modifying any automaton of the second portion of the set of automata as 
recited in claim 10. Applicant further contends that as Hardin et al. fails to disclose methods of 
modifying the system, it cannot teach or suggest performing a second verification of the system 
after modifying the system, wherein the second verification comprises generating a partial 
solution pertaining to the first portion of the set of automata and using the partial solution 
pertaining to the second portion of the set of automata generated from the first verification as 
recited in claim 10. 

In view of the foregoing, Applicant contends that claim 10 is patentably distinct from the 
cited reference. As claims 11-14 depend from and further define patentably distinct claim 10, 
these claims are also believed to be allowable. Applicant thus respectfully requests 
reconsideration and withdrawal of the rejection under 35 U.S.C. § 102(b), and allowance of 
claims 10-14. 

Claim 20 

Claim 20 recites, in part, "performing a first verification of a system defined by a set of 
automata, wherein the first verification comprises generating a partial solution pertaining to a 
first portion of the set of automata and generating a partial solution pertaining to a second portion 
of the set of automata," "determining that one or more automata of the first portion of the set of 
automata have been modified without modifying any automaton of the second portion of the set 
of automata" and "performing a second verification of the system, wherein the second 
verification comprises generating a partial solution pertaining to the first portion of the set of 
automata and using the partial solution pertaining to the second portion of the set of automata 
generated from the first verification." Applicant contends that Hardin et al. does not teach or 
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suggest determining whether any automaton has been modified and, therefore, cannot teach or 
suggest determining that one or more automata of the first portion of the set of automata have 
been modified without modifying any automaton of the second portion of the set of automata as 
recited in claim 20. Furthermore, Applicant contends that Hardin et al. does not teach or suggest 
saving a partial solution of a verification and, therefore, cannot teach or suggest performing a 
second verification of the system using the partial solution pertaining to the second portion of the 
set of automata generated firom the first verification as recited in claim 20. 

In view of the foregoing, Applicant contends that claim 20 is patentably distinct fi"om the 
cited reference. Applicant thus respectfiilly requests reconsideration and withdrawal of the 
rejection under 35 U.S.C. § 102(b), and allowance of claim 20. 

35U.S,C§ 102(b)- Aluret ah 

Claims 1-20 were rejected under 35 U.S.C. § 102(b) as being anticipated by Alur et al. 
(U.S. Patent No. 5,483,470). Applicant respectfiilly traverses. 

Claims 1-4 and 15-18 

Claims 1 and 15 recite, in part, "finding an under-defined state of the system," "saving 
execution traces leading up to the under-defined state," "fiirther defining the under-defined state, 
thereby generating a newly specified state" and "performing a second verification of the system 
beginning with the newly specified state, using the saved execution traces, and finding successor 
states." Applicant contends that Alur et al. does not purport to save execution traces leading up 
to an under-defined state, but merely purports to provide a diagnostic message. See, e.g., Alur et 
al., colunm 4, lines 12-14 ("If an error is detected, status line 1 1 provides a diagnostic message to 
the user.")- Alur et al. even purports to require the user to input mapping information regarding 
the prior and refined system definitions. See, e,g„ Alur et al., column 4, lines 58-64 ("When the 
next iteration is initiated, the user inputs a refined definition of the system into block 13 and a 
mapping. The mapping maps the states, and actions at the states, of the system specification in 
block 15 to the states and actions at the states of the system specification in block 13. That is, it 
maps states to states and actions to actions, as depicted in FIG. 3."). Because Alur et al. does not 
purport to save the execution traces leading up to an under-defined state, it cannot teach or 
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suggest performing a second verification of the system beginning with a newly specified state, 
using the saved execution traces, and finding successor states as recited in claims 1 and 15. 

In view of the foregoing, Applicant contends that claims 1 and 15 are patentably distinct 
fi-om the cited reference. As claims 2-4 depend from and further define patentably distinct claim 
1, and claims 16-18 depend from and further define patentably distinct claim 15, these claims are 
also believed to be allowable. Applicant thus respectfully requests reconsideration and 
withdrawal of the rejection under 35 U.S.C. § 102(b), and allowance of claims 1-4 and 15-18. 

Claims 5-9 and 19 

Claims 5 and 19 recite, in part, "saving verification data from the verification of the first 
instance of the system design, wherein the verification data comprise results of calculations used 
to verify the first instance of the system design," "modifying the system design, thereby 
generating a second instance of the system design" and "verifying the second instance of the 
system design using the saved verification data." As noted with respect to claims 1 and 15, 
Applicant contends that Alur et al. does not teach or suggest saving verification data including 
results of calculations used to verify a first instance of a system design and therefore cannot 
teach or suggest verifying a second instance of the system design using the saved verification 
data as recited in claims 5 and 1 9. 

In view of the foregoing. Applicant contends that claims 5 and 19 are patentably distinct 
from the cited reference. As claims 6-8 depend from and further define patentably distinct claim 
5, these claims are also believed to be allowable. Applicant thus respectfully requests 
reconsideration and withdrawal of the rejection under 35 U.S.C. § 102(b), and allowance of 
claims 5-9 and 19. 

Claims 10-14 

Claim 10 recites, in part, "performing a first verification of the system, wherein the first 
verification comprises generating a partial solution pertaining to a first portion of the set of 
automata and generating a partial solution pertaining to a second portion of the set of automata," 
"modifying the system, wherein modifying the system comprises modifying one or more 
automata of the first portion of the set of automata without modifying any automaton of the 
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second portion of the set of automata" and "performing a second verification of the system after 
modifying the system, wherein the second verification comprises generating a partial solution 
pertaining to the first portion of the set of automata and using the partial solution pertaining to 
the second portion of the set of automata generated from the first verification." Applicant 
contends that Alur et al. does not teach or suggest modifying one or more automata of the first 
portion of the set of automata without modifying any automaton of the second portion of the set 
of automata as recited in claim 10. Applicant further contends that as Alur et al. fails to teach or 
" suggest performing a second verification of the system after modifying the system, wherein the 
second verification comprises generating a partial solution pertaining to the first portion of the 
set of automata and using the partial solution pertaining to the second portion of the set of 
automata generated from the first verification as recited in claim 1 0. 

In view of the foregoing, Applicant contends that claim 10 is patentably distinct from the 
cited reference. As claims 11-14 depend from and further define patentably distinct claim 10, 
these claims are also believed to be allowable. Applicant thus respectfully requests 
reconsideration and withdrawal of the rejection under 35 U.S.C. § 102(b), and allowance of 
claims 10-14. 

Claim 20 

Claim 20 recites, in part, "performing a first verification of a system defined by a set of 
automata, wherein the first verification comprises generating a partial solution pertaining to a 
first portion of the set of automata and generating a partial solution pertaining to a second portion 
of the set of automata," "determining that one or more automata of the first portion of the set of 
automata have been modified without modifying any automaton of the second portion of the set 
of automata" and "performing a second verification of the system, wherein the second 
verification comprises generating a partial solution pertaining to the first portion of the set of 
automata and using the partial solution pertaining to the second portion of the set of automata 
generated from the first verification." Applicant contends that Alur et al. does not teach or 
suggest determining whether one or more automata of the first portion of the set of automata 
have been modified without modifying any automaton of the second portion of the set of 
automata as recited in claim 20. Furthermore, Applicant contends that Alur et al. does not teach 
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or suggest saving a partial solution of a verification and, therefore, cannot teach or suggest 
performing a second verification of the system using the partial solution pertaining to the second 
portion of the set of automata generated fi-om the first verification as recited in claim 20. 

In view of the foregoing, Applicant contends that claim 20 is patentably distinct fi*om the 
cited reference. Applicant thus respectfully requests reconsideration and withdrawal of the 
rejection under 35 U.S.C. § 102(b), and allowance of claim 20. 
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CONCLUSION 



In view of the above remarks, Applicant believes that all claims are in condition for 
allowance and respectfully requests a Notice of Allowance be issued in this case. If the 
Examiner has any questions regarding this application, please contact the undersigned at (612) 



Date: ^<A-?£ CPS ' ^^jt^SHmJ^ 



Attorneys for Applicant 
Leffert Jay «& Polglaze 
P.O. Box 581009 
Minneapolis, MN 55458-1009 
T 612 312-2200 
F 612 312-2250 



Respectfully submitted, 



Thomas W. Lefferr 
Reg. No. 40,697 




